The Check Point ResearchTrill international versionTikTokMultiple holes
Popular global applicationsTikTokVery easy to reveal personal information, user address and email has not been immune
The world's leading network security solution providerThe Check Point ®Software technology co., LTD(nasdaq stock code: CHKP) threat intelligence Check Point Research revealed today, they're TikTok (trill international edition) found in multiple holes, these holes to allow an attacker manipulating the contents of a user account, and even extract save personal confidential information on these accounts.
TikTok user groups mostly teenagers and children, they are using TikTok sharing and storage of themselves and their loved ones private film (film content sometimes very sensitive).The study found that an attacker can send the user a fake SMS contains malicious link.Once the user click on a malicious link, the attacker can control its TikTok account and do all kinds of malicious actions, such as delete, upload film unauthorized films and private or public "hidden" film.
The study also found that TikTok subdomainshttps://ads.tiktok.comVulnerable to XSS attacks, this attack is by putting a malicious script into otherwise secure implementation of trusted sites.Check Point, the researchers use this a loophole to retrieve the personal information stored in the user account, including personal E-mail address and date of birthday.
The Check Point Research to TikTok developers disclosure of vulnerabilities, the study found that the latter has been released, responsibly to ensure that the user can continue to use TikTok safely.
Check Point, research director at the product flaw Oded Vanunu, said: "data is ubiquitous, data leakage occurred frequently, our latest research shows that some of the most popular application is doomed. Social media applications loophole attack extremely easily, because they have a lot of private data and a large attack surface. The attacker spend great cost, great kung fu is to attack these dimension large application. However, most users think they also use the application very safe."
, "said Dr TikTok security team Luke Deshotels TikTok attaches great importance to the user data security. Like many companies, we encourage responsible security researchers disclosed to our secret zero-day vulnerabilities. Before the public disclosure, CheckPoint has confirmed all reported problems have been done in the latest edition TikTok repair. Hope is a risk of successfully will promote a more similar to security cooperation in the future."
TikTok covering more than 150 countries and regions in the world, providing 75 languages, the number of users of more than 1 billion.There is no doubt that TikTok is one of the most downloaded application.As of October 2019, TikTok app downloads rankings in the United States, is the first to create a record of application in China.
Published the echoes